RFR: 8218021: jarsigner strips the execute permission when signing a .zip file

Philipp Kunz philipp.kunz at paratix.ch
Fri Jan 17 12:40:46 UTC 2020

Hi Sean,

Nice patch. I wonder why permissions should be preserved only in zip
files. Jar files also are zip files, according to the jar file specs,
and hence, shouldn't jar files benefit of preserving permissions, too?

The file name extension is most often zip for zip files and jar for jar
files but is that really a safe assumption? I would not expect it
always. Removing

> if (zf.getName().toLowerCase().endsWith(".zip")) {

along with similar code in ZipFile would avoid discussing that question
and the test would not have to check that files with another name
extension than zip don't preserve permissions.


On Fri, 2020-01-17 at 10:59 +0000, Seán Coffey wrote:
> Hi,
> Looking to introduce some JDK private functionality which will help 
> preserve internal zip file attribute permissions when jarsigner is
> run 
> on a zip file. Some of the logic is taken from the recent work
> carried 
> out in this area for zipfs API.
> https://bugs.openjdk.java.net/browse/JDK-8218021
> http://cr.openjdk.java.net/~coffeys/webrev.8218021/webrev/
> regards,
> Sean.

More information about the security-dev mailing list